Microsoft Open-Sources Clever U-Prove Identity Framework

“Ultimately, we want to be able to securely make transactions without giving third parties the ability to masquerade as us; we want to be able to visit websites and make purchases without those sites being able to track us or combine different pieces of information to draw a more complete picture of us; we want to be able to be able to disclose some information about ourselves, but not everything. The U-Prove framework, released as a CTP today by Microsoft, aims to solve these problems.”

About The Author

11 Comments

while the majority if MS’s projects that they have open sourced were due to no longer wanting to put paid developers of their own on it, there are a few that they have released that really have been very nice. This one seems to have nice potential to it.

“ultimately, we know about openid and oauth, but seeing as open source is the spawn of satan, we cannot really work *with* them, but are inherently bound to create an inferior and closed alternate solution.”

My problem is that they don’t contribute to solve the problem by supporting the initiatives already in place.

We already have OpenID and OAuth for open and cross-“network” identification and authentication. Instead of writing *yet another* authentication and identification framework, why not contribute to and/or use those instead?

By your comment I’m guessing that you either haven’t read what it does or managed to miss the point.

‘It was put together by respected cryptography researcher Dr Stefan Brands. He created a company to develop and market U-Prove, Credentica, which was bought by Microsoft in March 2008. With U-Prove, identity information can be used securely, and private data can be safely shared to those parties that need it, without leaking more information than is required.’

‘U-Prove allows the creation of secure ID tokens, which are pieces of data that incorporate whatever information I need for a given taskâ€”but no moreâ€”along with cryptographic protection to ensure that they can’t be forged, reused, traced back to me, or linked to other tokens that I have issued.’

My problem is that they don’t contribute to solve the problem by supporting the initiatives already in place. We already have OpenID and OAuth for open and cross-“network” identification and authentication. Instead of writing *yet another* authentication and identification framework, why not contribute to and/or use those instead? They’re solving a problem that doesn’t exist.

Because they are not Communists? Competition is good. We have single place where to buy alcohol(over 5%) but that hasn’t stop alcoholism and all the other problems, instead it has created new problem called monopoly.

I wish they would make up their minds. One week they are claiming patents on Linux, like with Amazon. The next week they open source something. They must have multiple personality disorder or something.

I wish they would make up their minds. One week they are claiming patents on Linux, like with Amazon. The next week they open source something. They must have multiple personality disorder or something.

Well, multiple department/manager disorder, which for a company is basically the same thing. A lot of the departments in Microsoft work in diametrically opposite directions much of the time, especially the minor ones (i.e. not Windows, Office, or XBox).